Appl. No. 10/716,588

Amdt. dated March 19, 2007 

Reply to Office Action of December 19, 2006 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1. (Currently amended) A method, comprising:

calculating a first part of a message authentication function by a first
processor;

calculating a second part of the message authentication function by a
second processor; and

combining the results of the first and second parts into [[the]] a message
authentication code by the first or second processors; and

using the message authentication code to authenticate data.

2. (Currently amended) The method of claim 1 wherein the message
authentication [[function]] code is used, in part, to authenticate data transmitted
between the first processor and a third processor.

3. (Original) The method of claim 1 wherein the first and second processors 
are provided in separate computer systems. 

4. (Original) The method of claim 1 wherein the first and second parts of the 
message authentication function consist of one-way hash functions. 

5. (Original) The method of claim 1 wherein calculating the first part 
comprises calculating a value without having a data key associated with the 
function. 

6. (Original) The method of claim 1 wherein calculating the second part 
comprises calculating a value for a data set without having contents of the data 
set. 

7. (Currently amended) The method of claim [[1]] 6 further comprising
storing the contents into a non-volatile memory coupled to the first processor and 
storing the message authentication code into non-volatile memory coupled to the 
second processor. 

8. (Currently amended) The method of claim 1 further comprising calculating 
[[a]] the message authentication code using the message authentication function 
on a data set, wherein the message authentication code can be used to 
authenticate a record that consists of the data set. 

9. (Currently amended) A method implemented in a first computer, 
comprising: 

creating a record; 

computing a first part of a message authentication function using the
contents of the record;
providing the result of the first part to a second computer; and 
receiving the result of a second part of the message authentication 
function from the second computer, said second part computed 
using a data key that is not available to the first computer. 

10. (Original) The method of claim 9 further comprising encrypting the record 
and transmitting the record to a third computer. 

11. (Currently amended) A system, comprising:

a first processor configured to compute a first part of a multi-part message
authentication function;

a second processor in communication with the first processor, the second
processor is configured to compute a second part of the message
authentication function;

wherein the first part of the message authentication function [[takes]] is based
on the contents of a record and the second part [[takes]] is based on a
data key, and wherein the data key is inaccessible by the first
processor [[does not have the data key]] and the record contents are
inaccessible by the second processor [[does not have the record
contents]].

12. (Original) The system of claim 11 wherein the message authentication 
function is used to authenticate data transmitted between the first processor and 
a third processor. 

13. (Currently amended) The system of claim 11 wherein the second
processor [[is configured to compute]] combines the message authentication
function parts and [[based on the result of the first part of the message
authentication function computed by the first processor, and the second
processor]] provides the combined message authentication function result to the
first processor to permit the first processor to authenticate the record with the
combined message authentication function result and provide the encoded
authenticated record to a third processor.

14. (Original) The system of claim 11 wherein the first processor receives the
second part from the second processor and encodes a record with the second 
part and transmits the encoded record to a third processor. 

15. (Currently amended) The system of claim 11 wherein the first processor
receives the record from a third processor, computes the first part of the message
authentication function using the contents of the record, and sends the result of
the first part of the message authentication function and [[the]] a message
authentication code in the record to the second processor.

16. (Currently amended) The system of claim 11 wherein the second
processor [[is configured to compute]] combines the message authentication
function parts [[based on the result of the first part of the message authentication
function computed by the first processor,]] and [[the second processor]] validates
[[the]] a message authentication code [[provided by, in part, the first processor and
received from a third processor in the record,]] using the combined message
authentication function [[result]].

17. (Currently amended) A computer, comprising:

a processor; and

memory containing code executable by said processor;

wherein said executable code causes said processor to compute a first
part of a message authentication function [[including]] based on
contents of a record, [[providing]] to provide the result of said first part
to a second computer, [[receiving]] to receive [[a]] the result of a second
part of the message authentication function from the second
computer, and [[encoding]] to encode the record with the result of the
second part; and

wherein the record contents are [[not revealed to]] hidden from the second
computer and wherein the second part is computed by the second
computer using a data key that is [[not revealed to]] hidden from the
first computer.

18. (Cancelled). 

19. (New) A system, comprising: 
a server; 

a client coupled to the server; and 

a witness computer coupled to the client; 

wherein the client has access to data that is inaccessible to the witness 
computer and wherein the witness computer has access to a data key that is 
inaccessible to the client, and 

wherein at least some communications between the server and the client 
are authenticated by combining a multi-part message authentication function, a 
first part of the message authentication function being computed by the client
using the data and a second part of the message authentication function being 
computed by the witness computer using the data key. 

20. (New) The system of claim 19, wherein the multi-part message 
authentication function is a decomposable hashed-based message authentication 
code (HMAC). 
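
One possible way to realize the split recited in claims 9, 11 and 19, given as an added example that is not code from the application. It assumes the first part is a keyless SHA-256 digest of the record and the second part is HMAC-SHA256 over that digest under the witness's data key; the application does not specify this construction, and the names client_first_part, Witness and the "record-v1" prefix are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes
DOMAIN = b"record-v1\x00"  # hypothetical domain-separation prefix


def client_first_part(record: bytes) -> bytes:
    """First part: one-way hash of the record, computed without any key."""
    return hashlib.sha256(DOMAIN + record).digest()


class Witness:
    """Holds the data key and is only ever handed fixed-length digests."""

    def __init__(self, data_key: bytes):
        self._key = data_key

    def second_part(self, first_part: bytes) -> bytes:
        # Reject anything that is not digest-sized, so a caller cannot
        # hand the witness raw record contents by mistake.
        if len(first_part) != DIGEST_LEN:
            raise ValueError("expected a SHA-256 digest")
        return hmac.new(self._key, first_part, hashlib.sha256).digest()

    def validate(self, first_part: bytes, mac: bytes) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.second_part(first_part), mac)


def make_authenticated_record(record: bytes, witness: Witness):
    """Client side: hash locally, ask the witness for the keyed part."""
    return record, witness.second_part(client_first_part(record))


def check_record(record: bytes, mac: bytes, witness: Witness) -> bool:
    """Receiving side: recompute the first part, let the witness validate."""
    return witness.validate(client_first_part(record), mac)


if __name__ == "__main__":
    witness = Witness(secrets.token_bytes(32))  # key never leaves the witness
    record = b"account=1001;amount=25.00"       # constructed sample record
    rec, mac = make_authenticated_record(record, witness)
    print("valid:", check_record(rec, mac, witness))
    print("tampered:", check_record(rec + b"0", mac, witness))
```

In this arrangement the witness produces a MAC for any digest it receives, so access to it needs its own authentication and rate limiting.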